diff --git a/.gitignore b/.gitignore
index 5f48a8c13fede9fdada5178d667f594ea30ef174..26c584815647e31869c8bbd432944f2911828a8d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,6 +7,7 @@
 
 # Ignore files created during CI using test/ci-bootstrap.py
 /test/group_vars/
+/test/secrets/
 /test/inventory.yml
 
 # Etc
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 35c94f50a956c5e4e4d22a9551d8ea52b45c2ba5..36f15ba00cbeb54d5c86424c85da0d21c6167ae0 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -31,7 +31,6 @@ bootstrap:
     - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
     # - mkdir -p --mode 700 ~/.ssh
     - ANSIBLE_HOST_KEY_CHECKING=False python3 -u ./ci-bootstrap.py --create_droplet
-    - echo "import cosmos; cosmos.terminate_droplets_by_name(\"^ci-${CI_JOB_ID}\$\")"
     - python3 -c "import cosmos; cosmos.terminate_droplets_by_name(\"^ci-${CI_JOB_ID}\$\")"
   artifacts:
     paths:
diff --git a/ansible/group_vars/cluster/settings.yml.example b/ansible/group_vars/cluster/settings.yml.example
index c9f3248c213d1d16f303c9b661e94a0be00f1ed5..57f70bd5221976ea03c6617fe7203c055b69c0bd 100644
--- a/ansible/group_vars/cluster/settings.yml.example
+++ b/ansible/group_vars/cluster/settings.yml.example
@@ -6,4 +6,4 @@ domain: "example.com"
 admin_email: "admin@example.com"
 # Label of this deployment.
 release_name: "test"
-keycloak_password: 'baevooPee9ahkah8hew6heer5gooNooc'
+keycloak_password: "{{ lookup('password', './secrets/keycloak_admin_password') }}"
diff --git a/test/bootstrap.yml b/test/bootstrap.yml
new file mode 120000
index 0000000000000000000000000000000000000000..d29cf97c10ac85c0dc68fa448f5d9aaeae9714fe
--- /dev/null
+++ b/test/bootstrap.yml
@@ -0,0 +1 @@
+../ansible/bootstrap.yml
\ No newline at end of file
diff --git a/test/ci-bootstrap.py b/test/ci-bootstrap.py
index c2bf958f167933fa98ed988fc74b85e3561ab7db..176b868f8e1064caa4db9c9ba02f1d3d7f9a1d66 100755
--- a/test/ci-bootstrap.py
+++ b/test/ci-bootstrap.py
@@ -189,7 +189,7 @@ if __name__ == "__main__":
     # Bootstrap
     # playbook path here is relative to private_data_dir/project, see
     # https://ansible-runner.readthedocs.io/en/latest/intro.html#inputdir
-    playbook='../ansible/bootstrap.yml'
+    playbook='./bootstrap.yml'
     ansible_playbook_cmd = 'ansible-playbook %s' % playbook
 
     log.info('Running %s', ansible_playbook_cmd)
diff --git a/test/roles b/test/roles
new file mode 120000
index 0000000000000000000000000000000000000000..e4109d3736f47053d8deb67b0356f17ce2e2b9e0
--- /dev/null
+++ b/test/roles
@@ -0,0 +1 @@
+../ansible/roles
\ No newline at end of file